Updates to your operating system aren’t just to get cool new features. In fact, their primary raison d’être is to provide vital security updates that patch holes and vulnerabilities. Such is the case with Mac OS X 10.10.3, which fixes a potentially devastating flaw, but only for OS X Yosemite users.
Emil Kvarnhammar, writing for Swedish security firm TrueSec’s blog, explained that he discovered a nasty vulnerability known as Rootpipe back in October 2014. It took Apple six months, but the manufacturer did finally issue a patch in its most recent security update. The only trouble is that not everyone will receive it.
As Kvarnhammar points out, Mac OS X 10.9.x and older will not receive the patch, necessitating an update to 10.10.3 as soon as possible. To be clear, this means that if you are running OS X Mavericks, Mountain Lion, Lion or Snow Leopard, you are missing out on a very important security update.
Rootpipe is a hack developed by Kvarnhammar himself that takes advantage of a backdoor in Apple’s application program interface. Basically, it takes advantage of a hole in a Mac operating system’s code, then escalates privilege so that any user can pretend to be an administrator. From there, hijacking the computer is child’s play, as is installing all manner of spyware or malware.
One important thing to keep in mind is that Kvarnhammar is a researcher, and Rootpipe is a proof-of-concept. There is no evidence that hackers are currently taking advantage of this exploit in the wild.
However, Kvarnhammar shared some details about the process in his blog post, and will give a whole talk about it at Security Conference 2015 in Stockholm on May 28. After that, an enterprising malefactor could probably piece together a similar program.
Many Mac users are hesitant to upgrade to Yosemite because it has the potential to slow down older systems (most Macs from 2007 or later are eligible for a free upgrade), perhaps necessitating the purchase of an expensive new machine. We leave it to you to weigh a nasty security risk against a machine that runs at peak efficiency, and decide which is more important.
For instructions on how to upgrade, check Apple Support.